From df913f245038a6a5fcab2e75ee0a84e74bdaabad Mon Sep 17 00:00:00 2001
From: zmstone
Date: Sat, 23 Mar 2024 11:57:28 +0100
Subject: [PATCH] docs: refine changelog
---
 apps/emqx_conf/src/emqx_conf.erl | 4 ++--
 changes/ce/feat-12750.en.md | 14 ++++++++++----
 rel/i18n/emqx_schema.hocon | 4 ++--
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/apps/emqx_conf/src/emqx_conf.erl b/apps/emqx_conf/src/emqx_conf.erl
index b685db278..122998eeb 100644
--- a/apps/emqx_conf/src/emqx_conf.erl
+++ b/apps/emqx_conf/src/emqx_conf.erl
@@ -424,14 +424,14 @@ is_missing_namespace(ShortName, FullName, RootNames) ->
 ShortName =:= FullName
 end.
-%% Returns short name from full name, fullname delemited by colon(:).
+%% Returns short name from full name, fullname delimited by colon(:).
 short_name(FullName) ->
 case string:split(FullName, ":") of
 [_, Name] -> to_bin(Name);
 _ -> to_bin(FullName)
 end.
-%% Returns the hash-anchor from full name, fullname delemited by colon(:).
+%% Returns the hash-anchor from full name, fullname delimited by colon(:).
 format_hash(FullName) ->
 case string:split(FullName, ":") of
 [Namespace, Name] ->
diff --git a/changes/ce/feat-12750.en.md b/changes/ce/feat-12750.en.md
index 33c1d0b4f..bd7375168 100644
--- a/changes/ce/feat-12750.en.md
+++ b/changes/ce/feat-12750.en.md
@@ -2,16 +2,18 @@ Customizable client attributes in `clientinfo`. Introduced a new field `client_attrs` in the `clientinfo` object. This enhancement enables the initialization of `client_attrs` with specific -attributes derived from the `clientinfo` fields upon accepting an MQTT connection. +attributes derived from the `clientinfo` fields, immediately up on accepting +an MQTT connection. ### Initialization of `client_attrs` - The `client_attrs` field can be initially populated based on the configuration from one of the following sources: + - `cn`: The common name from the TLS client's certificate. + - `dn`: The distinguished name from the TLS client's certificate, that is, the certificate "Subject". - `clientid`: The MQTT client ID provided by the client. - `username`: The username provided by the client. - - `cn`: The common name from the TLS client's certificate. - - `dn`: The distinguished name from the TLS client's certificate, i.e., the certificate "Subject". + - `user_property`: Extract a property value from 'User-Property' of the MQTT CONNECT packet. ### Extension through Authentication Responses @@ -21,7 +23,11 @@ attributes derived from the `clientinfo` fields upon accepting an MQTT connectio `client_attrs` field. - **JWT**: Attributes can be included via a `client_attrs` claim within the JWT. -### Usage in Authorization +### Usage in Authentication and Authorization + +- If `client_attrs` is initialized before authentication, it can be used in external authentication + requests. For instance, `${client_attrs.property1}` can be used within request templates + directed at an HTTP server for the purpose of authenticity validation. - The `client_attrs` can be utilized in authorization configurations or request templates, enhancing flexibility and control. Examples include: diff --git a/rel/i18n/emqx_schema.hocon b/rel/i18n/emqx_schema.hocon index 7539770db..62a908663 100644 --- a/rel/i18n/emqx_schema.hocon +++ b/rel/i18n/emqx_schema.hocon 
@@ -1592,7 +1592,7 @@ client_attrs_init_extract_from { - `clientid`: Extract from the client ID. - `username`: Extract from the username. - `cn`: Extract from the Common Name (CN) field of the client certificate. - - `dn`: Extract from the Distinguished Name (DN) field of the client certficate. + - `dn`: Extract from the Distinguished Name (DN) field of the client certificate. - `user_property`: Extract from the user property sent in the MQTT v5 `CONNECT` packet. In this case, `extract_regex` is not applicable, and `extract_as` should be the user property key. @@ -1605,7 +1605,7 @@ client_attrs_init_extract_regexp { desc: """~ The regular expression to extract a client attribute from the client property specified by `client_attrs_init.extract_from` config. The expression should match the entire client property value, and capturing groups are concatenated to make the client attribute. - For example if the client attribute is the first part of the client ID delemited by a dash, the regular expression would be `^(.+?)-.*$`. + For example if the client attribute is the first part of the client ID delimited by a dash, the regular expression would be `^(.+?)-.*$`. Note that failure to match the regular expression will result in the client attribute being absent but not an empty string.""" }